Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/u80_DcP_Ahsq6Uf_dERk6yo7m-k.roa
File: u80_DcP_Ahsq6Uf_dERk6yo7m-k.roa (raw, json)
Hash identifier: TSmsdgsB/TPfUAkPW2Y2A1f7rE/QwUIGL6qqppFbNhM=
Subject key identifier: BB:CD:3F:0D:C3:FF:02:1B:2A:E9:47:FF:74:44:64:EB:2A:3B:9B:E9
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 01830A0771D616539A205CCCB4AC2F1724C7
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/u80_DcP_Ahsq6Uf_dERk6yo7m-k.roa
Signing time: Sun 04 Sep 2022 19:43:23 +0000
ROA not before: Sun 04 Sep 2022 19:43:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35913
IP address blocks: 194.113.35.0/24 maxlen: 24
5.181.3.0/24 maxlen: 24
5.181.1.0/24 maxlen: 24
5.181.2.0/24 maxlen: 24
5.181.0.0/24 maxlen: 24
45.143.164.0/24 maxlen: 24
37.44.192.0/24 maxlen: 24
37.44.195.0/24 maxlen: 24
37.44.193.0/24 maxlen: 24
37.44.194.0/24 maxlen: 24
2a09:fb86::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:0a:07:71:d6:16:53:9a:20:5c:cc:b4:ac:2f:17:24:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Sep 4 19:43:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bbcd3f0dc3ff021b2ae947ff744464eb2a3b9be9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:40:2d:b7:5f:31:63:42:0b:88:a0:39:03:d2:
6e:e1:71:58:8f:bf:d6:2c:8b:53:e4:84:c0:79:87:
d8:6e:92:97:67:9c:a8:37:85:d9:b5:90:69:e7:39:
45:ad:dc:45:24:7c:6e:c9:66:fa:e1:fa:b4:01:32:
80:de:d6:9e:cb:d5:7e:36:51:b9:19:45:3c:73:5d:
22:f7:d1:49:91:4c:bf:81:32:32:d1:49:95:c3:7b:
d6:02:ef:d8:0a:e2:51:bb:17:9a:88:ca:e2:1c:83:
67:29:81:3c:24:1d:3b:9d:ee:45:d0:cd:7d:e9:31:
95:ea:ae:7e:df:a7:ed:c6:5d:79:0a:f3:85:c5:53:
cf:97:54:85:10:9a:de:cd:b2:b6:75:15:82:81:9f:
23:a8:4c:ce:15:cb:4b:f6:86:dd:1d:41:af:f3:4b:
f6:26:f3:fb:bb:f7:05:7e:f6:24:fa:9a:24:8b:3d:
57:fa:32:8c:98:4b:47:4c:d4:38:cc:82:54:13:2f:
d0:ca:a2:48:a1:c2:3b:a0:71:2e:cc:b6:3f:88:c9:
40:35:a4:87:dc:d3:33:22:dd:d9:d9:89:f0:b8:e7:
c3:d9:c8:de:fe:3d:6e:7f:c7:ad:68:c1:b3:fc:d5:
38:25:f1:c5:11:20:c9:59:46:74:26:b7:43:10:19:
80:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:CD:3F:0D:C3:FF:02:1B:2A:E9:47:FF:74:44:64:EB:2A:3B:9B:E9
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/u80_DcP_Ahsq6Uf_dERk6yo7m-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/22
37.44.192.0/22
45.143.164.0/24
194.113.35.0/24
IPv6:
2a09:fb86::/32
Signature Algorithm: sha256WithRSAEncryption
63:fe:c6:54:c0:99:05:47:8f:74:2d:e7:e7:25:e8:79:39:73:
e6:3e:00:8c:a2:e5:a7:17:45:47:59:4b:4e:6e:6b:39:5d:b3:
bb:ee:76:4f:fe:e2:39:10:79:df:ee:53:88:a1:f6:cd:3d:ac:
f4:b7:1e:41:fa:15:03:13:52:79:51:7a:9b:14:08:21:5f:d4:
31:ff:87:90:ef:44:b7:6b:79:37:13:c4:2b:4d:21:46:de:c3:
1c:2f:4e:ab:f9:f1:14:ad:ce:f2:ad:80:9e:a5:a4:cf:3e:82:
6a:f6:53:e7:18:da:29:3a:60:b5:93:48:ef:a4:03:36:be:de:
43:99:e2:7c:25:ed:70:08:c1:b4:3e:a5:f2:75:76:25:0d:66:
24:53:d7:24:4a:b6:bc:a4:83:07:f2:e9:24:97:77:ea:47:1e:
5b:06:d2:4d:44:27:b6:84:dc:68:a1:05:05:41:2f:5a:c2:6c:
87:61:d3:f0:8c:c6:77:c5:90:35:14:e8:bc:e4:2a:65:73:70:
8a:47:fa:fb:39:f0:5f:5f:0f:91:30:cf:3e:40:43:c6:22:5e:
6a:9e:0a:43:eb:fc:7a:46:94:17:13:d2:15:31:1f:12:14:10:
ad:c0:1c:40:cb:e7:9a:33:1c:db:94:78:e9:cd:3c:e7:55:67:
b9:95:b9:9a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYMKB3HWFlOaIFzMtKwvFyTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjIwOTA0MTk0MzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmNkM2YwZGMzZmYwMjFiMmFlOTQ3ZmY3NDQ0NjRlYjJhM2I5YmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EAtt18xY0ILiKA5A9Ju4XFYj7/W
LItT5ITAeYfYbpKXZ5yoN4XZtZBp5zlFrdxFJHxuyWb64fq0ATKA3taey9V+NlG5
GUU8c10i99FJkUy/gTIy0UmVw3vWAu/YCuJRuxeaiMriHINnKYE8JB07ne5F0M19
6TGV6q5+36ftxl15CvOFxVPPl1SFEJrezbK2dRWCgZ8jqEzOFctL9obdHUGv80v2
JvP7u/cFfvYk+pokiz1X+jKMmEtHTNQ4zIJUEy/QyqJIocI7oHEuzLY/iMlANaSH
3NMzIt3Z2YnwuOfD2cje/j1uf8etaMGz/NU4JfHFESDJWUZ0JrdDEBmAjQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLvNPw3D/wIbKulH/3REZOsqO5vpMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvdTgwX0RjUF9BaHNxNlVmX2RFUms2eW83bS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCBbUAAwQC
JSzAAwQALY+kAwQAwnEjMA0EAgACMAcDBQAqCfuGMA0GCSqGSIb3DQEBCwUAA4IB
AQBj/sZUwJkFR490LefnJeh5OXPmPgCMouWnF0VHWUtObms5XbO77nZP/uI5EHnf
7lOIofbNPaz0tx5B+hUDE1J5UXqbFAghX9Qx/4eQ70S3a3k3E8QrTSFG3sMcL06r
+fEUrc7yrYCepaTPPoJq9lPnGNopOmC1k0jvpAM2vt5DmeJ8Je1wCMG0PqXydXYl
DWYkU9ckSra8pIMH8ukkl3fqRx5bBtJNRCe2hNxooQUFQS9awmyHYdPwjMZ3xZA1
FOi85Cplc3CKR/r7OfBfXw+RMM8+QEPGIl5qngpD6/x6RpQXE9IVMR8SFBCtwBxA
y+eaMxzblHjpzTznVWe5lbma
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:00 2024 by rpki-client on console-ams.rpki-client.org